how to find whats on a box

[ranjitcool]

Hey Guys,

This is the deal, a linux box got compromised and the networking was alarmed.

I looked through all logs and didnt find a thing.

I said it looks secure.

However the guy who built the box was called on and he said some guy exploited phpmyadmin that was loaded on the box. Obviously he looked into phpmyadmin logs to find that out.

I had no idea phpmyadmin was loaded on to it. I was told to find a discovery method where I know what all is loaded on a box.

How do I do that?

Please assist, I know I can find out rpm and look for packages but i dont want to scan the whole server as it may result in 100's of results.

Please assist

Thanks
RJ

[daark.child]

For starters, you could look at the list of installed packages. One way is to do

Code:

rpm -qa >> installedpkgs.txt

installedpkgs.txt will then have a list of all installed packages.

[ranjitcool]

What about complied packages, thanks but I had known of rpm -qa

RJ

[daark.child]

For compiled packages, you could keep a manual log of what you installed, when you installed it and the versions as well.

[ranjitcool]

so there is no command to find out?

[daark.child]

so there is no command to find out?

Not that I am aware of. Its usually very difficult to track stuff thats compiled from source unless a log is kept somewhere.